Fixed issue: #3812 Insufficient validation of PHP version selector.

Till Brehm

2016-03-29 e1b4cacb8d66891ce11dd4203bd92aa265fffcde

 interface/web/sites/web_vhost_subdomain_edit.php

@@ -341,6 +341,8 @@
      $this->dataRecord["ipv6_address"] = $parent_domain["ipv6_address"];
      $this->dataRecord["client_group_id"] = $parent_domain["client_group_id"];
      $this->dataRecord["vhost_type"] = 'name';
      $this->dataRecord["system_user"] = $parent_domain["system_user"];
      $this->dataRecord["system_group"] = $parent_domain["system_group"];

      $this->parent_domain_record = $parent_domain;

@@ -348,6 +350,11 @@

      if($app->tform->getCurrentTab() == 'domain') {

         // Check that domain (the subdomain part) is not empty
         if(!preg_match('/^[a-zA-Z0-9].*/',$this->dataRecord['domain'])) {
            $app->tform->errorMessage .= $app->tform->lng("subdomain_error_empty")."<br />";
         }
			
         /* check if the domain module is used - and check if the selected domain can be used! */
         $app->uses('ini_parser,getconf');
         $settings = $app->getconf->get_global_config('domains');
@@ -394,15 +401,15 @@
         $client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
         $client = $app->db->queryOneRecord("SELECT limit_traffic_quota, limit_web_subdomain, default_webserver, parent_client_id, limit_web_quota, client." . implode(", client.", $read_limits) . " FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");

         if($client['limit_cgi'] != 'y') $this->dataRecord['cgi'] = '-';
         if($client['limit_ssi'] != 'y') $this->dataRecord['ssi'] = '-';
         if($client['limit_perl'] != 'y') $this->dataRecord['perl'] = '-';
         if($client['limit_ruby'] != 'y') $this->dataRecord['ruby'] = '-';
         if($client['limit_python'] != 'y') $this->dataRecord['python'] = '-';
         if($client['limit_cgi'] != 'y') $this->dataRecord['cgi'] = 'n';
         if($client['limit_ssi'] != 'y') $this->dataRecord['ssi'] = 'n';
         if($client['limit_perl'] != 'y') $this->dataRecord['perl'] = 'n';
         if($client['limit_ruby'] != 'y') $this->dataRecord['ruby'] = 'n';
         if($client['limit_python'] != 'y') $this->dataRecord['python'] = 'n';
         if($client['force_suexec'] == 'y') $this->dataRecord['suexec'] = 'y';
         if($client['limit_hterror'] != 'y') $this->dataRecord['errordocs'] = '-';
         if($client['limit_wildcard'] != 'y' && $this->dataRecord['subdomain'] == '*') $this->dataRecord['subdomain'] = '-';
         if($client['limit_ssl'] != 'y') $this->dataRecord['ssl'] = '-';
         if($client['limit_hterror'] != 'y') $this->dataRecord['errordocs'] = 'n';
         if($client['limit_wildcard'] != 'y' && $this->dataRecord['subdomain'] == '*') $this->dataRecord['subdomain'] = 'n';
         if($client['limit_ssl'] != 'y') $this->dataRecord['ssl'] = 'n';

         // only generate quota and traffic warnings if value has changed
         if($this->id > 0) {
@@ -455,15 +462,15 @@
            $this->dataRecord['web_folder'] = $tmp['web_folder']; // cannot be changed!

            // set the settings to current if not provided (or cleared due to limits)
            if($this->dataRecord['cgi'] == '-') $this->dataRecord['cgi'] = $tmp['cgi'];
            if($this->dataRecord['ssi'] == '-') $this->dataRecord['ssi'] = $tmp['ssi'];
            if($this->dataRecord['perl'] == '-') $this->dataRecord['perl'] = $tmp['perl'];
            if($this->dataRecord['ruby'] == '-') $this->dataRecord['ruby'] = $tmp['ruby'];
            if($this->dataRecord['python'] == '-') $this->dataRecord['python'] = $tmp['python'];
            if($this->dataRecord['suexec'] == '-') $this->dataRecord['suexec'] = $tmp['suexec'];
            if($this->dataRecord['errordocs'] == '-') $this->dataRecord['errordocs'] = $tmp['errordocs'];
            if($this->dataRecord['subdomain'] == '-') $this->dataRecord['subdomain'] = $tmp['subdomain'];
            if($this->dataRecord['ssl'] == '-') $this->dataRecord['ssl'] = $tmp['ssl'];
            if($this->dataRecord['cgi'] == 'n') $this->dataRecord['cgi'] = $tmp['cgi'];
            if($this->dataRecord['ssi'] == 'n') $this->dataRecord['ssi'] = $tmp['ssi'];
            if($this->dataRecord['perl'] == 'n') $this->dataRecord['perl'] = $tmp['perl'];
            if($this->dataRecord['ruby'] == 'n') $this->dataRecord['ruby'] = $tmp['ruby'];
            if($this->dataRecord['python'] == 'n') $this->dataRecord['python'] = $tmp['python'];
            if($this->dataRecord['suexec'] == 'n') $this->dataRecord['suexec'] = $tmp['suexec'];
            if($this->dataRecord['errordocs'] == 'n') $this->dataRecord['errordocs'] = $tmp['errordocs'];
            if($this->dataRecord['subdomain'] == 'n') $this->dataRecord['subdomain'] = $tmp['subdomain'];
            if($this->dataRecord['ssl'] == 'n') $this->dataRecord['ssl'] = $tmp['ssl'];

            unset($tmp);
            // When the record is inserted
@@ -555,6 +562,32 @@
            $app->tform->errorMessage .= $app->tform->lng("invalid_rewrite_rules_txt").'<br>';
         }
      }
		
      // Check custom PHP version
      if(isset($this->dataRecord['fastcgi_php_version']) && $this->dataRecord['fastcgi_php_version'] != '') {
         // Check php-fpm mode
         if($this->dataRecord['php'] == 'php-fpm'){
            $tmp = $app->db->queryOneRecord("SELECT * FROM server_php WHERE CONCAT(name,':',php_fpm_init_script,':',php_fpm_ini_dir,':',php_fpm_pool_dir) = '".$app->db->quote($this->dataRecord['fastcgi_php_version'])."'");
            if(is_array($tmp)) {
               $this->dataRecord['fastcgi_php_version'] = $tmp['name'].':'.$tmp['php_fpm_init_script'].':'.$tmp['php_fpm_ini_dir'].':'.$tmp['php_fpm_pool_dir'];
            } else {
               $this->dataRecord['fastcgi_php_version'] = '';
            }
            unset($tmp);
         // Check fast-cgi mode
         } elseif($this->dataRecord['php'] == 'fast-cgi') {
            $tmp = $app->db->queryOneRecord("SELECT * FROM server_php WHERE CONCAT(name,':',php_fastcgi_binary,':',php_fastcgi_ini_dir) = '".$app->db->quote($this->dataRecord['fastcgi_php_version'])."'");
            if(is_array($tmp)) {
               $this->dataRecord['fastcgi_php_version'] = $tmp['name'].':'.$tmp['php_fastcgi_binary'].':'.$tmp['php_fastcgi_ini_dir'];
            } else {
               $this->dataRecord['fastcgi_php_version'] = '';
            }
            unset($tmp);
         } else {
            // Other PHP modes do not have custom versions, so we force the value to be empty
            $this->dataRecord['fastcgi_php_version'] = '';
         }
      }

      parent::onSubmit();
   }
@@ -601,24 +634,27 @@

   function onAfterUpdate() {
      global $app, $conf;
		
      //* Update settings when parent domain gets changed
      if(isset($this->dataRecord["parent_domain_id"]) && $this->dataRecord["parent_domain_id"] != $this->oldDataRecord["parent_domain_id"]) {
         // Get configuration for the web system
         $app->uses("getconf");
         $web_rec = $app->tform->getDataRecord($this->id);
         $web_config = $app->getconf->get_server_config($app->functions->intval($web_rec["server_id"]), 'web');

      // Get configuration for the web system
      $app->uses("getconf");
      $web_rec = $app->tform->getDataRecord($this->id);
      $web_config = $app->getconf->get_server_config($app->functions->intval($web_rec["server_id"]), 'web');
         // Set the values for document_root, system_user and system_group
         $system_user = $app->db->quote($this->parent_domain_record['system_user']);
         $system_group = $app->db->quote($this->parent_domain_record['system_group']);
         $document_root = $app->db->quote($this->parent_domain_record['document_root']);
         $php_open_basedir = str_replace("[website_path]/web", $document_root.'/'.$web_rec['web_folder'], $web_config["php_open_basedir"]);
         $php_open_basedir = str_replace("[website_domain]/web", $web_rec['domain'].'/'.$web_rec['web_folder'], $php_open_basedir);
         $php_open_basedir = str_replace("[website_path]", $document_root, $php_open_basedir);
         $php_open_basedir = $app->db->quote(str_replace("[website_domain]", $web_rec['domain'], $php_open_basedir));
         $htaccess_allow_override = $app->db->quote($this->parent_domain_record['allow_override']);

      // Set the values for document_root, system_user and system_group
      $system_user = $app->db->quote($this->parent_domain_record['system_user']);
      $system_group = $app->db->quote($this->parent_domain_record['system_group']);
      $document_root = $app->db->quote($this->parent_domain_record['document_root']);
      $php_open_basedir = str_replace("[website_path]/web", $document_root.'/'.$web_rec['web_folder'], $web_config["php_open_basedir"]);
      $php_open_basedir = str_replace("[website_domain]/web", $web_rec['domain'].'/'.$web_rec['web_folder'], $php_open_basedir);
      $php_open_basedir = str_replace("[website_path]", $document_root, $php_open_basedir);
      $php_open_basedir = $app->db->quote(str_replace("[website_domain]", $web_rec['domain'], $php_open_basedir));
      $htaccess_allow_override = $app->db->quote($this->parent_domain_record['allow_override']);

      $sql = "UPDATE web_domain SET sys_groupid = ".$app->functions->intval($this->parent_domain_record['sys_groupid']).",system_user = '$system_user', system_group = '$system_group', document_root = '$document_root', allow_override = '$htaccess_allow_override', php_open_basedir = '$php_open_basedir'  WHERE domain_id = ".$this->id;
      $app->db->query($sql);
         $sql = "UPDATE web_domain SET sys_groupid = ".$app->functions->intval($this->parent_domain_record['sys_groupid']).",system_user = '$system_user', system_group = '$system_group', document_root = '$document_root', allow_override = '$htaccess_allow_override', php_open_basedir = '$php_open_basedir'  WHERE domain_id = ".$this->id;
         $app->db->query($sql);
      }
   }

}